Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Bug in Radius NAS IP Attribute

    Scheduled Pinned Locked Moved Captive Portal
    1 Posts 1 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E Offline
      Enrica_CH
      last edited by

      I use pfsense with an external RADIUS Server and pfsense in CARP mode. Therefore I want to use the virtual CARP IP address to identify my NAS to radius server. The section box "RADIUS NAS IP" on service page captiveportal lists ths virtual adresses. If I select the virtual adress instead of a physical interface address then

      • the selection box shows the first entry (WAN) on the reloaded page but in config.xml the IP address is correct

      • the request to radius server uses the physical IP adress as nas host ip instead of the selected virtual address. So client.conf must have the phyiscal address. For me it's even worse because my radius serve is in another sub segment of another interface than captive portal.

      Example: Captiveportal is on OPT7 (phys. 192.168.98.254) and virtual 192.168.98.1; my radius server is on ip 192.168.30.8 (in segment 192.168.30.0/24) –> client.conf must be 192.168.30.254 otherwise the request is rejected as unkown host. The calling station id is correct 192.168.98.1 what i have selected in NAS IP.

      Why is pfsense not using the selected NAS IP address as sending host address?

      This important for

      • making CARP transparent for RADIUS (users keeps logged in otherwise there are a lot open accounting records)
      • to configure one NAS only instead of two
      • calling station id is the same than the calling host

      What can i do?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.